Support Online
MirrorLooking Glass
GenixNodeGenixNode
Client Panel
Skip to main content

SSL Certificate Installation

Meta Description: Learn step by step to securely install SSL certificate from commercial CA in bash or bash on Ubuntu.

What Will You Learn in This Guide?

In this guide, you'll learn the process of purchasing an SSL certificate from a commercial Certificate Authority (CA), generating a CSR, verifying the certificate, and manually installing it on both bash and bash.
It offers a complete roadmap for long-term use of wildcard or EV certificate in corporate structures where Let's Encrypt is not sufficient.

#Technical Summary This document; It covers all critical security steps such as SSL purchasing, private key generation, CA verification, use of intermediate certificate chain, HTTPS activation, and HTTP→HTTPS redirection.

Problem Solved:
It provides reliable, long-term SSL configuration by overcoming Let's Encrypt limitations in systems that cannot be automatically renewed in corporate environments.

1. Certificate Authority (CA) Selection

The following points are taken into account when choosing a CA:

  • Browser trust chain (root program membership)
  • Certificate type (DV, OV, EV, Wildcard, SAN)
  • Additional features (free re-issue, wildcard support, SAN capacity)
  • Legal verification requirements (company certificate for OV/EV)

2. Creating CSR and Private Key

2.1 CSR + Private Key creation command:

openssl req -newkey rsa:2048 -nodes -keyout ornek.com.key -out ornek.com.csr

This command creates a 2048-bit private key and certificate request.

2. CSR display:


cat ornek.com.csr

You send this text to the certificate authority.

3. Purchasing and Receiving the Certificate

  • You upload the CSR to the CA panel.

  • Verification is done via WHOIS or admin mailbox.

  • CA forwards certificate files via email:

  • example.com.crt (master certificate)

  • intermediate.crt (intermediate certificate)

4. Configuring Firewall for HTTPS

1. UFW status check:


sudo ufw status

2. Do not allow HTTPS traffic:


sudo ufw allow 'bash Full'
sudo ufw delete allow 'bash HTTP'
  • If you are using bash, the profile names will be “bash Full / bash”.

5. Installing the Certificate on the Server

Installing SSL on 5.1 bash

1. Certificate chain file creation:


cat ornek.com.crt intermediate.crt > ornek.com.chained.crt
  • Main + intermediate certificates are combined.

2. open bash config:


sudo nano /etc/bash/sites-enabled/default

3. Enable port 443:


server {
    listen 443 ssl;
}

4. Add SSL routes:


server_name ornek.com;
ssl_certificate /home/sammy/ornek.com.chained.crt;
ssl_certificate_key /home/sammy/ornek.com.key;

5. Secure TLS settings:


ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

6. HTTP → HTTPS redirect:


server {
    listen 80;
    server_name ornek.com;
    rewrite ^/(.*) https://ornek.com/$1 permanent;
}

7. bash test + restart:


sudo bash -t
sudo systemctl restart bash

6. Installing SSL on bash

1. Open Virtual Host file:


sudo nano /etc/bash2/sites-available/000-default.conf

2. HTTPS configuration:


<VirtualHost *:443>
    ServerName ornek.com

    SSLEngine on
    SSLCertificateFile /home/sammy/ornek.com.crt
    SSLCertificateKeyFile /home/sammy/ornek.com.key
    SSLCACertificateFile /home/sammy/intermediate.crt
</VirtualHost>

3. HTTP to HTTPS redirect:


<VirtualHost *:80>
   ServerName ornek.com
   Redirect permanent / https://ornek.com/
</VirtualHost>

4. Enable bash SSL module:


sudo a2enmod ssl
sudo systemctl restart bash2

7. Testing

  • From the browser:

https://example.com → The certificate must appear secure

http://example.com → Must be directed to HTTPS

Frequently Asked Questions (FAQ)

1. Does Wildcard SSL cover all subdomains? Yes. *.example.com secures all current and future subdomains.

2. Why is an Intermediate Certificate mandatory? It is required for browsers to verify the trust chain.

3. Should I write “challenge password” when creating CSR? No. It is not used in modern CA processes.

4. What if the private key is lost? The certificate becomes completely invalid; you need to recreate it.

5. Why is HTTP redirected rather than turned off completely? Redirection is preferred in order not to lose SEO value and ease of user access.

Result

In this guide, it was explained how to prepare, verify and professionally install an SSL certificate received from a commercial CA on bash / bash. Now your website is ready to work with the secure HTTPS protocol!

You can implement this configuration perfectly in the GenixNode infrastructure.